package com.ruoyi.order.controller;

import com.ruoyi.common.core.web.controller.BaseController;
import com.ruoyi.common.core.web.domain.AjaxResult;
import com.ruoyi.common.security.annotation.RequiresPermissions;
import com.ruoyi.order.annotation.ApiVisitLog;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

/**
 * 安全API接口
 */
@RestController
@RequestMapping("/api/secure")
public class SecureApiController extends BaseController {

    /**
     * 需要api:view权限的接口
     */
    @GetMapping("/data")
    @RequiresPermissions("api:view")
    public AjaxResult secureData() {
        return success("这是需要权限才能访问的API数据");
    }

    /**
     * 需要api:admin权限的接口
     */
    @GetMapping("/admin")
    @RequiresPermissions("api:admin")
    public AjaxResult adminData() {
        return success("这是管理员才能访问的API数据");
    }
    @ApiVisitLog
    @GetMapping("/withLog")
    public AjaxResult apiWithLog(@RequestParam String apiKey) {
        return success("这个API的访问会被记录");
    }
}